Re: kern/39307 (mfs will sometimes panic at umount time)

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,cube%cubidou.net@localhost
Subject: Re: kern/39307 (mfs will sometimes panic at umount time)
From: Quentin Garnier <cube%cubidou.net@localhost>
Date: Wed, 24 Sep 2008 14:05:03 +0000 (UTC)

The following reply was made to PR kern/39307; it has been noted by GNATS.

From: Quentin Garnier <cube%cubidou.net@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/39307 (mfs will sometimes panic at umount time)
Date: Wed, 24 Sep 2008 16:00:21 +0200

 --VZekXYd/M+CUZV2i
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable

 On Wed, Sep 24, 2008 at 09:46:20AM +0000, ad%NetBSD.org@localhost wrote:
 > Synopsis: mfs will sometimes panic at umount time
 >=20
 > State-Changed-From-To: open->feedback
 > State-Changed-By: ad%NetBSD.org@localhost
 > State-Changed-When: Wed, 24 Sep 2008 09:46:18 +0000
 > State-Changed-Why:
 > Should be fixed - please verify.

 It made the failure different this morning.  However, it was a quick
 test so I might have left a few asserts of my own in that kernel.  I'll
 have more time to test tonight.

 Looking at your changes, however, I don't see how they could prevent the
 panic.  What I think is happening is a race between umount(2) and
 mfs_mount(8).

 The former will do its job and the necessary references are released.
 That will signal mfs_mount(8) somehow, which is still in VFS_START at
 that point.  It will go ahead with doumount() which will do the final
 call to vfs_destroy(), which in turns destroys the struct mount.

 When mfs_start() returns to VFS_START, the pointer to the struct mount
 is dereferenced and that's where it crashes.

 It works when mfs_mount(8) gets signaled and to run before umount(2) is
 finshed, so that the end of VFS_START can dereference the struct mount.

 --=20
 Quentin Garnier - cube%cubidou.net@localhost - cube%NetBSD.org@localhost
 "See the look on my face from staying too long in one place
 [...] every time the morning breaks I know I'm closer to falling"
 KT Tunstall, Saving My Face, Drastic Fantastic, 2007.

 --VZekXYd/M+CUZV2i
 Content-Type: application/pgp-signature
 Content-Disposition: inline

 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.9 (NetBSD)

 iQEcBAEBAgAGBQJI2kf1AAoJENgoQloHrPnoi0IH/jtaP9a2bNssqc4LXItbTIkj
 IAuK4T8+h/ClzWDwcEHT8Auaaj4KdajG5r9Q9LblDQxKNcS7Vq+OZd6e0t0ulsnu
 +V3djYFL2LIjatmfDypiSrmgx0A+9t6ZuDN6WHFTdNXNMNPFBUHy9+DmgrX0UPxQ
 OsePcJjwqi//qAwBbWqKIx+FhTUYhif0hJnwACaJqiUFpYQx0EWPat2yhJF0cggU
 3M9eBgl+dPCGbeslbiBqIqr51YF5RMTI4dPZq4FxCwV7VqEefwEj7XBOihrT1WsV
 iDilhEkovhTdzDdt1gbq6RJCWhJvXPG9atojY7cE8TdDSP9AhvrWqG++A9QV4WE=
 =N9fI
 -----END PGP SIGNATURE-----

 --VZekXYd/M+CUZV2i--

Prev by Date: Re: kern/38762 (panic: vwakeup: neg numoutput)
Next by Date: Re: kern/39583 (acrmsr(4) driver doesn't report number of volumes correctly to bioctl(8))
Previous by Thread: Re: kern/39307 (mfs will sometimes panic at umount time)
Next by Thread: Re: kern/39307 (mfs will sometimes panic at umount time)
Indexes:

Home | Main Index | Thread Index | Old Index